Microsoft Team Foundation Server — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Team Foundation Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (23)
CVE-2019-1306 — CVSS 9.8 (critical): A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input…
CVE-2019-1072 — CVSS 9.8 (critical): A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka…
CVE-2018-8529 — CVSS 9.8 (critical): A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication…
CVE-2020-0758 — CVSS 7.5 (high): An elevation of privilege vulnerability exists when Azure DevOps Server and Team Foundation Services improperly handle pipeline job tokens…
CVE-2019-0647 — CVSS 6.5 (medium): An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka "Team…
CVE-2019-0971 — CVSS 6.5 (medium): An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a…
CVE-2019-0866 — CVSS 6.1 (medium): A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user…
CVE-2019-0867 — CVSS 6.1 (medium): A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user…
CVE-2019-0868 — CVSS 6.1 (medium): A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user…
CVE-2019-0870 — CVSS 6.1 (medium): A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user…
CVE-2019-0871 — CVSS 6.1 (medium): A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user…
CVE-2019-0872 — CVSS 5.4 (medium): A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user…
CVE-2018-8602 — CVSS 5.4 (medium): A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team…
CVE-2019-0979 — CVSS 5.4 (medium): A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user…
CVE-2019-0743 — CVSS 5.4 (medium): A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team…
CVE-2019-1076 — CVSS 5.4 (medium): A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team…
CVE-2019-1305 — CVSS 5.4 (medium): A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team…
CVE-2019-0742 — CVSS 5.4 (medium): A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team…
CVE-2020-0700 — CVSS 5.4 (medium): A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure…
CVE-2019-0646 — CVSS 5.4 (medium): A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team…
CVE-2019-0777 — CVSS 5.4 (medium): A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team…